Create own trusted Docker registry server
netPI pulls images from trusted Docker registry servers only. A trusted server presents a certificate issued by an official Certificate Authority (CA), and netPI relies on that CA's digital signature. The most popular trusted Docker registry is Docker Hub, but you can also run a trusted Docker registry server yourself on-premise. We show you how.

Here is how you set up your own trusted Docker registry server with the help of an official Certificate Authority such as Let's Encrypt.
  • First you need a domain name (hostname) for your server. Get one from noip, for example. Let's suppose you got the name mydockerregistry.ddns.net.
  • Next, configure the DynDNS service on your Internet Router as described here so that your router is reachable through your domain name over the internet.
  • Then set up a physical server. Run Linux on it for quick results. Ubuntu will do it.
  • Configure your Internet Router to forward the TCP ports 80 and 443 to the server. Port 80 is needed to demonstrate control over the domain during the one-time certification process. Port 443 is needed to run the Docker registry across.
  • For automated certificate issuance you need a web server installed on your server. For quick results we recommend Nginx. To install it simply call sudo apt-get install nginx.
  • Additionally install CertBot, software that automatically requests a certificate from Let's Encrypt for your domain. On the web site select Nginx as software and Ubuntu as system and it will provide you with installation instructions. Execute the proposed commands on your server.
  • During the procedure you will be asked for the domain name you want the certificate for. Enter your domain name mydockerregistry.ddns.net (our example) at this stage.
  • The certificates and keys will be generated and stored on your server in the folder /etc/letsencrypt/live/mydockerregistry.ddns.net/. Port 80 forwarding on your Internet Router is no longer needed.
  • Now install Docker on your server as described here
  • The certificates and keys need a renaming and a merge so that the Docker registry can use them. Call
    cd /etc/letsencrypt/live/mydockerregistry.ddns.net/
    cp privkey.pem domain.key
    cat cert.pem chain.pem > domain.crt
    # The certificate is public; the private key must stay readable by its owner only.
    chmod 644 domain.crt
    chmod 600 domain.key
  • Finally run the Docker registry with the following docker command
    # REGISTRY_HTTP_ADDR makes the registry listen on container port 443, matching -p 443:443.
    docker run -d \
      --restart=always --name registry \
      -v /etc/letsencrypt/live/mydockerregistry.ddns.net:/certs \
      -v /opt/docker-registry:/var/lib/registry \
      -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
      -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
      -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
      -p 443:443 \
      registry:2
  • Now you are able to access your Docker registry over mydockerregistry.ddns.net. For example, call the command docker pull mydockerregistry.ddns.net/myimage to pull an image named myimage across the internet.
If you want to turn your Docker registry server into a local server, first close all forwarded ports in your Internet Router and then add the hostname, e.g. mydockerregistry.ddns.net (our example), to your server's files /etc/hosts and /etc/hostname. Then run a local DNS server in your network that translates the hostname to the local IP address of your server, and that's it. All access to mydockerregistry.ddns.net now stays local.
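The rename-and-merge step above as a repeatable shell function, added here as an example and not part of the original post: it checks the Certbot files, builds domain.crt leaf-first, and keeps domain.key readable by its owner only. The function names prepare_registry_certs and count_pem_certs are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# count_pem_certs FILE: print how many certificates a PEM file contains.
count_pem_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# prepare_registry_certs LIVE_DIR
# Writes LIVE_DIR/domain.crt (leaf certificate first, then the CA chain) and
# LIVE_DIR/domain.key. Returns non-zero if an input is missing or malformed.
prepare_registry_certs() {
    local live="$1" f tmp_crt tmp_key
    for f in privkey.pem cert.pem chain.pem; do
        [ -s "$live/$f" ] || { echo "missing or empty: $live/$f" >&2; return 1; }
    done
    grep -q -- 'PRIVATE KEY-----' "$live/privkey.pem" ||
        { echo "privkey.pem is not a PEM private key" >&2; return 1; }
    [ "$(count_pem_certs "$live/cert.pem")" -eq 1 ] ||
        { echo "cert.pem must hold exactly one certificate" >&2; return 1; }
    [ "$(count_pem_certs "$live/chain.pem")" -ge 1 ] ||
        { echo "chain.pem holds no CA certificate" >&2; return 1; }

    # mktemp creates files with mode 0600, so the key copy is never exposed;
    # renaming into place means the registry never reads a half-written file.
    tmp_crt="$(mktemp "$live/domain.crt.XXXXXX")" || return 1
    tmp_key="$(mktemp "$live/domain.key.XXXXXX")" || { rm -f "$tmp_crt"; return 1; }
    if cat "$live/cert.pem" "$live/chain.pem" > "$tmp_crt" &&
       cat "$live/privkey.pem" > "$tmp_key" &&
       chmod 644 "$tmp_crt" && chmod 600 "$tmp_key" &&
       mv -f "$tmp_crt" "$live/domain.crt" &&
       mv -f "$tmp_key" "$live/domain.key"; then
        return 0
    fi
    rm -f "$tmp_crt" "$tmp_key"
    return 1
}

# Run directly, e.g.: sudo bash prepare-certs.sh /etc/letsencrypt/live/mydockerregistry.ddns.net
[ "$#" -eq 0 ] || prepare_registry_certs "$1"
```

Certbot replaces cert.pem, chain.pem and privkey.pem on each renewal, while domain.crt and domain.key are static copies. Rerun the function and restart the registry container after a renewal so the registry does not keep serving the old certificate.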

